package com.yft.filter;


import com.yft.dao.base.BaseConstant;
import org.apache.commons.lang.StringUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;


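/**
 * Back-office access check: requests without a logged-in member in the session are
 * turned away unless they target one of the public areas listed in
 * {@link #PUBLIC_PREFIXES}.
 *
 * <p>Everything under a public prefix is reachable without authentication, so handlers
 * mapped there must not expose member-only data or actions on their own.
 *
 * @author Administrator
 */
public class LoginFilter implements Filter {

	/**
	 * Context-relative path prefixes that may be requested without a session member.
	 * NOTE(review): assumes these areas sit directly under the context root, as
	 * {@code /auth/login.html} does in the redirect below; confirm against the URL layout.
	 */
	private static final String[] PUBLIC_PREFIXES = {"/message/", "/error/", "/auth/", "/login/", "/ext/"};

	/** Nothing to release. */
	@Override
	public void destroy() {

	}

	/**
	 * Lets the request through when a member is stored in the session or the path is
	 * public; otherwise answers AJAX calls with a {@code sessionstatus: timeout} header
	 * and redirects every other request to the login page.
	 *
	 * @param req    incoming request, expected to be an {@link HttpServletRequest}
	 * @param res    outgoing response, expected to be an {@link HttpServletResponse}
	 * @param filter remaining filter chain
	 * @throws IOException      if the redirect or the downstream chain fails on I/O
	 * @throws ServletException if the downstream chain fails
	 */
	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain filter) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;

		if (currentMember(request) != null || isPublicPath(pathWithinApplication(request))) {
			filter.doFilter(request, response);
			return;
		}

		// AJAX requests carry the x-requested-with header; a redirect would be followed
		// silently by the browser, so the session state is reported in a response header.
		// NOTE(review): the status stays 200 with an empty body; the client script is
		// presumably reading the header. Confirm before switching to a 401.
		String requestedWith = request.getHeader("x-requested-with");
		if ("XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
			response.setHeader("sessionstatus", "timeout");
			return;
		}

		// The target is built from the context path only, never from request data.
		response.sendRedirect(request.getContextPath() + "/auth/login.html");
	}

	/** No configuration is read. */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}

	/**
	 * Returns the member stored in the session, or {@code null} when there is no session
	 * or no member. Uses {@code getSession(false)} so that anonymous requests do not
	 * allocate a new session just to be rejected.
	 */
	private static Object currentMember(HttpServletRequest request) {
		javax.servlet.http.HttpSession session = request.getSession(false);
		return session == null ? null : session.getAttribute(BaseConstant.SESSION_MEMBER);
	}

	/**
	 * Returns the path the container resolved for dispatch (servlet path plus path info),
	 * relative to the context root. The raw {@code getRequestURI()} value is avoided
	 * because it still carries path parameters and undecoded segments, so it can differ
	 * from the path that is actually served.
	 */
	private static String pathWithinApplication(HttpServletRequest request) {
		StringBuilder path = new StringBuilder();
		if (request.getServletPath() != null) {
			path.append(request.getServletPath());
		}
		if (request.getPathInfo() != null) {
			path.append(request.getPathInfo());
		}
		return path.toString();
	}

	/**
	 * Tells whether the path starts with one of the public prefixes. The match is
	 * anchored at the start: a substring match would treat any protected path that
	 * merely contains a public marker somewhere as public.
	 */
	private static boolean isPublicPath(String path) {
		for (String prefix : PUBLIC_PREFIXES) {
			if (path.startsWith(prefix)) {
				return true;
			}
		}
		return false;
	}

}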
